Add Dracut patch

author: Julien Roy <julien@jroy.ca> 2022-04-06 20:52:41 -0400
committer: Julien Roy <julien@jroy.ca> 2022-04-06 20:52:41 -0400
commit: 36526425087078e57a8b98dbcd813b7f5d2d62ff (patch)
tree: 0a33ae1175e8519bdd7e810ad941fc5d5fb346da /app-crypt
parent: b01a62bbd176a554cfb63ceb4f6cc5d5d7a1d971 (diff)
download: MrRoy-Overlay-36526425087078e57a8b98dbcd813b7f5d2d62ff.tar.gz
MrRoy-Overlay-36526425087078e57a8b98dbcd813b7f5d2d62ff.tar.bz2
MrRoy-Overlay-36526425087078e57a8b98dbcd813b7f5d2d62ff.zip
3 files changed, 256 insertions, 1 deletions
diff --git a/app-crypt/clevis/Manifest b/app-crypt/clevis/Manifest
index dff6aba..f881df2 100644
--- a/app-crypt/clevis/Manifest
+++ b/app-crypt/clevis/Manifest
@@ -1,3 +1,4 @@
+AUX clevis-dracut.patch 9686 BLAKE2B f27fc96a16076a9bda7a9def31cb19f3b50ad8a5bc0be8a8d8846f1ceb325250c6d15d063bbb481731fee65f4f7576fd5f898d9070d0552a37507ae6df801d87 SHA512 4cc1ca39468f96af351d6902640ad455d61d4a11c22d04b7d10cca9fc6a4eda0b324f6b9fa880dd260b08c5e1e3f36fc2723873b2494220ab5351c1ab9993f54
 DIST clevis-18.tar.gz 78191 BLAKE2B 317f30df3c05a9a651363daf17b9320e47a903929af991ecfd9d4d3d630a0ab8e92815db2e5736e9b9ca7f3fb4a41f4cf198ec447f04a9849f4d2a03bb196b22 SHA512 19b6743ff61ff7e29699bbc3fb69dfa31567a37ab824629330b57c92aa89b70759d63c1770be68d4525681ec9ba56d980cae2bb1cdeee6192992ede449a0e4ff
-EBUILD clevis-18.ebuild 593 BLAKE2B ff25230625f81d30808a219245ea5f7f149b66cacf34b0c64b07fba781d71998f325882b1d5feb34003184c894b2a7b26935155004fd6799a5001a7e77272c72 SHA512 655fbdcefbd9631a42835a7a156c7116dc188326ecc68c739435c4b5909f709b57478574c21fd102f9f11e6e99b817e34251a7af0151569bdbcbcadd1ed35500
+EBUILD clevis-18.ebuild 640 BLAKE2B 41e83cc3361e5ca6043f2a60d3596a8c15d6d8c4952835b43865f3f0eb5096ce93885240a2d0e17e67e019cf4c2ef81f45a59d73d9d03fbce4d63cfbacdaf780 SHA512 8ca64113a43dc41bdafc6a44ccb2cad3449d2a766b5f740d1106ea8409ccd2e64721de99da11d46a5428888dfd9703c28a97a0925e61fc393667e6e7ff48fac3
 MISC metadata.xml 348 BLAKE2B 1b14da99bbbe7758c627af4b68c5afa6a149f10cc6f5b0430bbecb4402b7036e40ee556462dd6def2f8e21654ddf55aee2effa4f6e857f8ee3709339500ddc57 SHA512 269fcfd719d6c04632ae8c464e599869f02853807c81e2fc721203842d1927170d4439a3520afeb8f5017d97d5e53a2501f96d3cbd5614dcd54ff379eb2acc19
diff --git a/app-crypt/clevis/clevis-18.ebuild b/app-crypt/clevis/clevis-18.ebuild
index 0c165ea..7e7b307 100644
--- a/app-crypt/clevis/clevis-18.ebuild
+++ b/app-crypt/clevis/clevis-18.ebuild
@@ -5,6 +5,10 @@ EAPI=8
 
 inherit meson
 
+PATCHES=(
+	"${FILESDIR}/${PN}-dracut.patch"
+)
+
 DESCRIPTION="Automated Encryption Framework"
 HOMEPAGE="https://github.com/latchset/clevis"
 SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
diff --git a/app-crypt/clevis/files/clevis-dracut.patch b/app-crypt/clevis/files/clevis-dracut.patch
new file mode 100644
index 0000000..7aec43e
--- /dev/null
+++ b/app-crypt/clevis/files/clevis-dracut.patch
@@ -0,0 +1,250 @@
+From a5aa695821e34fb218c7d705065aaf7077737c8c Mon Sep 17 00:00:00 2001
+From: Jonathan Davies <jpds@protonmail.com>
+Date: Fri, 5 Nov 2021 15:24:12 +0000
+Subject: [PATCH] Moved dracut directory up to top-level to decouple it with
+ systemd.
+
+Adds a clevis-luks-generic-unlocker for alternative use without systemd.
+
+Based on patch by Sergio Correia <scorreia@redhat.com>
+
+Closes: #346
+
+Signed-off-by: Jonathan Davies <jpds@protonmail.com>
+---
+ .../dracut/clevis-pin-sss/meson.build         |  0
+ .../dracut/clevis-pin-sss/module-setup.sh.in  |  0
+ .../dracut/clevis-pin-tang/meson.build        |  0
+ .../dracut/clevis-pin-tang/module-setup.sh.in |  0
+ .../dracut/clevis-pin-tpm2/meson.build        |  0
+ .../dracut/clevis-pin-tpm2/module-setup.sh.in |  0
+ src/dracut/clevis/clevis-hook.sh.in           |  3 +
+ .../clevis/clevis-luks-generic-unlocker       | 70 +++++++++++++++++++
+ .../systemd => }/dracut/clevis/meson.build    |  1 +
+ .../dracut/clevis/module-setup.sh.in          | 19 +++--
+ src/{luks/systemd => }/dracut/meson.build     |  0
+ .../systemd/dracut/clevis/clevis-hook.sh.in   |  2 -
+ src/luks/systemd/meson.build                  |  1 -
+ src/meson.build                               |  1 +
+ 14 files changed, 90 insertions(+), 7 deletions(-)
+ rename src/{luks/systemd => }/dracut/clevis-pin-sss/meson.build (100%)
+ rename src/{luks/systemd => }/dracut/clevis-pin-sss/module-setup.sh.in (100%)
+ rename src/{luks/systemd => }/dracut/clevis-pin-tang/meson.build (100%)
+ rename src/{luks/systemd => }/dracut/clevis-pin-tang/module-setup.sh.in (100%)
+ rename src/{luks/systemd => }/dracut/clevis-pin-tpm2/meson.build (100%)
+ rename src/{luks/systemd => }/dracut/clevis-pin-tpm2/module-setup.sh.in (100%)
+ create mode 100755 src/dracut/clevis/clevis-hook.sh.in
+ create mode 100755 src/dracut/clevis/clevis-luks-generic-unlocker
+ rename src/{luks/systemd => }/dracut/clevis/meson.build (87%)
+ rename src/{luks/systemd => }/dracut/clevis/module-setup.sh.in (76%)
+ rename src/{luks/systemd => }/dracut/meson.build (100%)
+ delete mode 100755 src/luks/systemd/dracut/clevis/clevis-hook.sh.in
+
+diff --git a/src/luks/systemd/dracut/clevis-pin-sss/meson.build b/src/dracut/clevis-pin-sss/meson.build
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-sss/meson.build
+rename to src/dracut/clevis-pin-sss/meson.build
+diff --git a/src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in b/src/dracut/clevis-pin-sss/module-setup.sh.in
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in
+rename to src/dracut/clevis-pin-sss/module-setup.sh.in
+diff --git a/src/luks/systemd/dracut/clevis-pin-tang/meson.build b/src/dracut/clevis-pin-tang/meson.build
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-tang/meson.build
+rename to src/dracut/clevis-pin-tang/meson.build
+diff --git a/src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in b/src/dracut/clevis-pin-tang/module-setup.sh.in
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in
+rename to src/dracut/clevis-pin-tang/module-setup.sh.in
+diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/meson.build b/src/dracut/clevis-pin-tpm2/meson.build
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-tpm2/meson.build
+rename to src/dracut/clevis-pin-tpm2/meson.build
+diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in b/src/dracut/clevis-pin-tpm2/module-setup.sh.in
+similarity index 100%
+rename from src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in
+rename to src/dracut/clevis-pin-tpm2/module-setup.sh.in
+diff --git a/src/dracut/clevis/clevis-hook.sh.in b/src/dracut/clevis/clevis-hook.sh.in
+new file mode 100755
+index 0000000..91ff2bd
+--- /dev/null
++++ b/src/dracut/clevis/clevis-hook.sh.in
+@@ -0,0 +1,3 @@
++#!/bin/bash
++
++@libexecdir@/clevis-luks-generic-unlocker -l
+diff --git a/src/dracut/clevis/clevis-luks-generic-unlocker b/src/dracut/clevis/clevis-luks-generic-unlocker
+new file mode 100755
+index 0000000..a3b9d62
+--- /dev/null
++++ b/src/dracut/clevis/clevis-luks-generic-unlocker
+@@ -0,0 +1,70 @@
++#!/bin/bash
++set -eu
++# vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
++#
++# Copyright (c) 2020-2021 Red Hat, Inc.
++# Author: Sergio Correia <scorreia@redhat.com>
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++#
++
++. clevis-luks-common-functions
++
++# Make sure to exit cleanly if SIGTERM is received.
++trap 'echo "Exiting due to SIGTERM" && exit 0' TERM
++
++loop=
++while getopts ":l" o; do
++    case "${o}" in
++    l) loop=true;;
++    *) ;;
++    esac
++done
++
++to_unlock() {
++    local _devices='' _d _uuid
++    for _d in $(lsblk -o PATH,FSTYPE,RM \
++               | awk '$2 == "crypto_LUKS" && $3 == "0" { print $1 }' | sort -u);
++    do
++        if ! bindings="$(clevis luks list -d "${_d}" 2>/dev/null)" \
++                         || [ -z "${bindings}" ]; then
++            continue
++        fi
++        _uuid="$(cryptsetup luksUUID "${_d}")"
++        if clevis_is_luks_device_by_uuid_open "${_uuid}"; then
++            continue
++        fi
++        _devices="$(printf '%s\n%s' "${_devices}" "${_d}")"
++    done
++    echo "${_devices}" | sed -e 's/^\n$//'
++}
++
++while true; do
++    for d in $(to_unlock); do
++        uuid="$(cryptsetup luksUUID "${d}")"
++        if ! clevis luks unlock -d "${d}"; then
++            echo "Unable to unlock ${d} (UUID=${uuid})" >&2
++            continue
++        fi
++        echo "Unlocked ${d} (UUID=${uuid}) successfully" >&2
++    done
++
++    [ "${loop}" != true ] && break
++    # Checking for pending devices to be unlocked.
++    if remaining=$(to_unlock) && [ -z "${remaining}" ]; then
++        break;
++    fi
++
++    sleep 0.5
++done
+diff --git a/src/luks/systemd/dracut/clevis/meson.build b/src/dracut/clevis/meson.build
+similarity index 87%
+rename from src/luks/systemd/dracut/clevis/meson.build
+rename to src/dracut/clevis/meson.build
+index 167e708..224e27f 100644
+--- a/src/luks/systemd/dracut/clevis/meson.build
++++ b/src/dracut/clevis/meson.build
+@@ -16,6 +16,7 @@ if dracut.found()
+     install_dir: dracutdir,
+     configuration: data,
+   )
++  install_data('clevis-luks-generic-unlocker', install_dir: libexecdir)
+ else
+   warning('Will not install dracut module due to missing dependencies!')
+ endif
+diff --git a/src/luks/systemd/dracut/clevis/module-setup.sh.in b/src/dracut/clevis/module-setup.sh.in
+similarity index 76%
+rename from src/luks/systemd/dracut/clevis/module-setup.sh.in
+rename to src/dracut/clevis/module-setup.sh.in
+index bfe657c..dbce790 100755
+--- a/src/luks/systemd/dracut/clevis/module-setup.sh.in
++++ b/src/dracut/clevis/module-setup.sh.in
+@@ -19,7 +19,11 @@
+ #
+ 
+ depends() {
+-    echo crypt systemd
++    local __depends=crypt
++    if dracut_module_included "systemd"; then
++        __depends=$(printf '%s systemd' "${_depends}")
++    fi
++    echo "${__depends}"
+     return 255
+ }
+ 
+@@ -27,17 +31,24 @@ install() {
+     if dracut_module_included "systemd"; then
+         inst_multiple \
+             $systemdsystemunitdir/clevis-luks-askpass.service \
+-            $systemdsystemunitdir/clevis-luks-askpass.path
++            $systemdsystemunitdir/clevis-luks-askpass.path \
++            @SYSTEMD_REPLY_PASS@ \
++            @libexecdir@/clevis-luks-askpass
+         systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
+     else
+         inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"
+         inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh"
++
++	inst_multiple \
++            @libexecdir@/clevis-luks-generic-unlocker \
++            clevis-luks-unlock \
++            lsblk \
++            sort \
++            awk
+     fi
+ 
+     inst_multiple \
+         /etc/services \
+-        @SYSTEMD_REPLY_PASS@ \
+-        @libexecdir@/clevis-luks-askpass \
+         clevis-luks-common-functions \
+         grep sed cut \
+         clevis-decrypt \
+diff --git a/src/luks/systemd/dracut/meson.build b/src/dracut/meson.build
+similarity index 100%
+rename from src/luks/systemd/dracut/meson.build
+rename to src/dracut/meson.build
+diff --git a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in b/src/luks/systemd/dracut/clevis/clevis-hook.sh.in
+deleted file mode 100755
+index cb257c9..0000000
+--- a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in
++++ /dev/null
+@@ -1,2 +0,0 @@
+-#!/bin/bash
+-@libexecdir@/clevis-luks-askpass
+diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build
+index e3b3d91..b10494e 100644
+--- a/src/luks/systemd/meson.build
++++ b/src/luks/systemd/meson.build
+@@ -10,7 +10,6 @@ sd_reply_pass = find_program(
+ 
+ if systemd.found() and sd_reply_pass.found()
+   data.set('SYSTEMD_REPLY_PASS', sd_reply_pass.path())
+-  subdir('dracut')
+ 
+   unitdir = systemd.get_pkgconfig_variable('systemdsystemunitdir')
+ 
+diff --git a/src/meson.build b/src/meson.build
+index c4e696f..a0dff5b 100644
+--- a/src/meson.build
++++ b/src/meson.build
+@@ -1,6 +1,7 @@
+ subdir('bash')
+ subdir('luks')
+ subdir('pins')
++subdir('dracut')
+ subdir('initramfs-tools')
+ 
+ bins += join_paths(meson.current_source_dir(), 'clevis-decrypt')
author	Julien Roy <julien@jroy.ca>	2022-04-06 20:52:41 -0400
committer	Julien Roy <julien@jroy.ca>	2022-04-06 20:52:41 -0400
commit	36526425087078e57a8b98dbcd813b7f5d2d62ff (patch)
tree	0a33ae1175e8519bdd7e810ad941fc5d5fb346da /app-crypt
parent	b01a62bbd176a554cfb63ceb4f6cc5d5d7a1d971 (diff)
download	MrRoy-Overlay-36526425087078e57a8b98dbcd813b7f5d2d62ff.tar.gz MrRoy-Overlay-36526425087078e57a8b98dbcd813b7f5d2d62ff.tar.bz2 MrRoy-Overlay-36526425087078e57a8b98dbcd813b7f5d2d62ff.zip